0
I have compiled a binary that I want to distribute to other people.
It's closed-source, but I want to provide users of the binary with confidence that it cannot possibly access the internet, microphone, printer, etc. It also shouldn't be able to read/write files/directories on the filesystem unless they provide that program with access to that file/directory explicitly.
Is this possible in other, more user-friendly ways than telling users to use something like SELinux or AppArmor, where the user has to do something special to run the binary (as opposed to a simple ./program
)?
"With regard to sandboxing against various hardware (microphones, network,...), whatever part of this cannot be restricted by user permissions, would require at least lxc or a virtual machine. That makes things more complicated." Would SELinux or AppArmor not work for that? – ccoder987 – 2016-01-05T10:31:10.230